Re: Securing bind..
On Mon, 31 Dec 2001 06:52, P Prince wrote:
> > there are two major problems with all of bernstein's software. the
> > first is that it requires you to throw away your existing
> > configuration...no big deal for a caching only name-server or if you
> > only have one or two domains to serve. a severe pain in the arse if you
> > have hundreds or thousands of domains.
>
> This is crazy. Anytime you change software packages, you must rewrite your
> configuration.
If two programs perform the same task then why can't they use the same config
file? Writing a program to support two different formats of config file
isn't so difficult.
> And, if you or anyone you know manages thousands of
> domains, I'll mail you a crisp, clean 20 dollar bill. (In order to be
> eligible, you must provide the name of your employer, so that I can avoid
> their service.)
Please mail a $20 bill to Craig and one to me as well.
While working for Versatel Telecom BV in Amsterdam I was running the
24hoursnet service. That service had over 4000 domains setup in bind (with
scripts to create bind zone files from LDAP).
Why would you want to avoid such a service? It doesn't make sense for every
small company that wants a web site to have to run their own DNS etc. It
makes sense for a telco to run the sites for thousands of small companies,
telcos can afford to pay people such as Craig and myself to run their servers
in a reliable and secure fashion instead of having the secretary try to setup
a set of ISP servers (with all the security and reliability problems you'd
expect).
> > > Broken as many of them are, they still work quite well with djbdns,
> > > thank you.
> >
> > named.conf doesn't work with djbdns - a minor problem.
>
> This is a stupid argument. httpd.conf doesn't work well with thttpd, and
> proftpd.conf doesn't work well at all with wu-ftpd.
Consider mail servers. Currently there is a range of mail servers that can
deliver to /var/mail/user-name or ~/Maildir/ storage and which honour
.forward files, Postfix being a good example. I can change a Postfix
installation to use Procmail for delivery and it'll deliver mail in the same
way. If I choose to switch from Postfix to another server then it's not
difficult to find another server using .forward files and /etc/aliases etc
(NB Qmail does not do this).
Then there's about 6 POP servers and about 3 IMAP servers I can choose from
(actually there's probably more, I'm just thinking of ones I've used or heard
good reports about) which all use the same data store.
Contrast this to using Cyrus, Netscape iPlanet mail server, Exchange, Notes,
or another mail server which has it's own strange and unique format for
everything.
> > > > an additional part of the price you pay is djb's moronic non-free
> > > > software license
> > >
> > > Really?
> > >
> > > <http://cr.yp.to/distributors.html>
> >
> > yes, really. non-free.
> >
> > if you don't understand WHY it's non-free then read the DFSG again.
>
> This doesn't deserve a response.
There is no response. DJB software is not in Debian for a reason...
> > To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmaster@lists.debian.org
PS When quoting messages please trim out the .sig lines etc. It just wastes
bandwidth and doesn't gain anything.
--
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
Reply to: